[SystemSafety] Schiaparelli Incident Investigation - "Very Preliminary" Results

Martyn Thomas martyn at thomas-associates.co.uk
Thu Nov 24 10:47:27 CET 2016


On 24/11/2016 06:10, Peter Bernard Ladkin wrote:
> As Schiaparelli descended under its parachute, its radar Doppler altimeter functioned correctly and
> the measurements were included in the guidance, navigation and control system. However, saturation –
> maximum measurement – of the Inertial Measurement Unit (IMU) had occurred shortly after the
> parachute deployment. The IMU measures the rotation rates of the vehicle. Its output was generally
> as predicted except for this event, which persisted for about one second – longer than would be
> expected.
>
> When merged into the navigation system, the erroneous information generated an estimated altitude
> that was negative – that is, below ground level.


This looks like an overflow into the sign bit. But, whatever caused the
program to generate a negative altitude, the possibility could have been
found by static analysis if they had used a suitable programming
language with analysis tools (such as SPARK).

I hope that the investigation will report on why the software used
engineering methods that failed to prevent this error, and that it will
make appropriate recommendations.

Martyn
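Martyn's overflow-into-the-sign-bit hypothesis, as an added illustration that is not part of the thread and not Schiaparelli's flight code: a fixed-point rate integrator in Rust, where the scale, sample rate and saturation budget are all assumed values. The wrapping version silently turns a one-second saturation run into a negative estimate; the checked version reports either the overflow or the over-budget saturation run instead of passing the corrupted value on.

```rust
// Constructed model of a fixed-point rate integrator; constants are assumptions,
// not values from the Schiaparelli GNC software.
/// Raw IMU rate word; i16::MAX / i16::MIN mean the sensor is pegged at full scale.
pub const IMU_SATURATED: i16 = i16::MAX;
/// Fixed-point scale applied to each sample before accumulation (Q10, assumed).
pub const SCALE: i32 = 1 << 10;
/// Integrator sample rate in Hz (assumed).
pub const TICKS_PER_SECOND: usize = 100;
/// Longest saturation run the design budgets for: 0.1 s (assumed).
pub const MAX_SATURATED_TICKS: usize = TICKS_PER_SECOND / 10;

/// Naive integrator: wraps silently, so a long saturation run flips the sign bit.
pub fn integrate_wrapping(samples: &[i16]) -> i32 {
    samples.iter().fold(0i32, |acc, &s| acc.wrapping_add(s as i32 * SCALE))
}

#[derive(Debug, PartialEq)]
pub enum NavError {
    Overflow { tick: usize },
    SaturationTooLong { ticks: usize },
}

/// Checked integrator: reports arithmetic overflow or saturation beyond the budget.
pub fn integrate_checked(samples: &[i16]) -> Result<i32, NavError> {
    let mut acc: i32 = 0;
    let mut run: usize = 0;
    for (tick, &s) in samples.iter().enumerate() {
        run = if s == IMU_SATURATED || s == i16::MIN { run + 1 } else { 0 };
        if run > MAX_SATURATED_TICKS {
            return Err(NavError::SaturationTooLong { ticks: run });
        }
        // |s| * SCALE fits in i32; the running sum is what can overflow.
        acc = acc.checked_add(s as i32 * SCALE).ok_or(NavError::Overflow { tick })?;
    }
    Ok(acc)
}

/// Constructed telemetry: the sensor pegged at full scale for `ticks` samples.
pub fn saturated_run(ticks: usize) -> Vec<i16> {
    vec![IMU_SATURATED; ticks]
}

fn main() {
    let short = saturated_run(TICKS_PER_SECOND / 10); // within budget
    let long = saturated_run(TICKS_PER_SECOND);       // "about one second"
    println!("0.1 s wrapping: {}", integrate_wrapping(&short));
    println!("1.0 s wrapping: {} (sign bit set)", integrate_wrapping(&long));
    println!("1.0 s checked:  {:?}", integrate_checked(&long));
}
```

The checks here are runtime ones; a SPARK-style proof of range bounds, which Martyn is pointing at, would rule the overflow out before the code ever flew.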

